Invite-only and social providers

I’m building an invite only application and I want my users to authenticate using social providers.

Current implementation is based on the guide from https://auth0.com/docs/design/creating-invite-only-applications. Detailed algorithm is:

  1. Admin invites a user to the application using email address
  2. User gets email with activation link and opens it
  3. Application marks user as ‘invited’ and creates user in auth0 database
  4. Application requests password change
  5. User gets ‘verify your email’ message and click ‘verify your account’
  6. User logs in using Google

The questions are:

  1. On step (5) user gets ‘verify’ request, not ‘change password’. Which is kinda misleading. User still does not have any password for database login. What should I change for user to get ‘change password’ email? Maybe there’s some way to send ‘set a password’ email?
  2. After step (6) auth0 has 2 users with same emails - for database and Google connections. Should I use “Link a user account” Management API call to bind social provider user to primary database-provided user?
1 Like

Hi @alik,

Sorry for the lack of response on this topic. Hopefully you were able to work this out.

We are currently seeking feedback to improve our User Invitation flow. If you have a moment, please take a second to checkout this feedback opportunity with one of product managers.

Thanks!